Yes, it's recognized by Mozilla and others as the job of the Internet
Architecture Board (in particular, the IAB-IDN group) to make a final
decision on how to deal with homographs.

Homographs are a classical example of a PR attack. It's a complete
non-issue. In practice, people don't use domain names to assess the
credibility of web sites. 1/l/I and 0/O are homographs as well, and
the Internet hasn't collapsed as a result.

The really stunning thing about the whole mess is that nobody seems to
grasp that technically, TLDs are not in a position to restrict name
server operators to any character sets in the domain names they use.
After all, I can add any domain name I want to my zone files.

Indeed you can.

But since the TLD registry operators can, and do, control the delegation
of their TLDs, they have de-facto control over the sets of labels that
can be used for second-level domain labels that are publically visible
within their TLD domains, unless you can persuade people to point at
your nameserver other than through the normal delegation from the root.
This means that they can, if they so wish, apply character set
restrictions to those labels. Your TLD registry, for example, can and
does enforce such a policy. (http://www.denic.de/en/richtlinien.html)

On the other hand, there's nothing anyone can do to stop you resolving
whatever labels you like on your own public nameservers, within your
third-level, fourth-level and so on domains. However, this is unlikely
to cause security problems for anyone apart from yourself and/or your
customers.